
Protecting your privacy and identity online

David Kiley
Nov 7 · 8 min read

Did you know that in 2014–15, an estimated 1.6 million Australians experienced personal fraud? That’s roughly 8.5% of the population! In this article, we dig a little deeper into identity theft, information privacy, and how you can reduce your risk.

Watch episode 1 of our BE SAFE Security Series: Privacy & Phishing

First and foremost, what is ‘identity theft’?

It may not take a lot of information: a talented cybercriminal can piece together an image of their target from just social media accounts and personal data left viewable in public forums. Some basic details and a good photo are all a criminal would need to start forging fake identity documents, which would be used to apply for loans and services under your name.

Would you know if your identity had been stolen?

  • Unaccounted withdrawals and purchases on your bank statements.
  • You no longer receive certain pieces of mail, e.g. bank statements and bills.
  • Receiving invoices or receipts for items that you haven’t purchased.

Think you’ve been a victim of identity theft?

  • If there are questionable transactions on your bank statement, reach out to your bank immediately to stop and/or investigate the transaction(s).
  • Irregular usage of your internet or questionable activity on your phone bill? Contact your service providers and let them know.
  • Search the ‘Help’ section of your social media account to either report fraudulent activity on your account, or get advice on how to change your account settings.
  • Lodge a report with the Australian Cyber Security Centre’s ReportCyber (previously ACORN).
  • Update your passwords if you feel they’ve been compromised, and ensure they’re strong.
  • Obtain a credit report from a reputable credit reference bureau to see if you’ve been affected by fraudulent activity.
  • Reach out to IDCare for personalised support.

Ways a cybercriminal can obtain someone’s personal information

Personal information can also be gleaned from documents and devices that have been discarded or lost, such as unshredded bank statements, misplaced mobile phones and laptops, and login data from unsecured computers in an internet cafe.

Image description: statistical information — Identity crime costs Australia an estimated $1.6 billion each year, with the major causes being credit card fraud, scams, and identity theft. *Source: https://www.cyber.gov.au/threats/identity-theft

Recognising a potential scam

One Phish, Two Phish, Red Phish, Blue Phish

  • The sender’s address: Check that the sender’s details are similar to the signatory of the message (the name at the bottom) and that the domain name matches the company. If you’re suspicious about the sender’s legitimacy, don’t send back a response. You can always search for the official contact number of the organisation and confirm that they have a record of the communication sent to you. Never use the links or contact information supplied via email, instant messages, or text to contact the organisation.
  • Check the content of the message: Are there broken English or grammatical errors? Is the company’s logo the wrong colour or pixelated? If a real company has the money to send you an email, then they’ve got the money to make sure the email is triple-checked for spelling and design (unless they’ve got a terrible marketing team!). Even the subject line is a good clue — did you actually order that package from DHL?

While the email itself can look legit, take some time to hover over (not click!) the links to see which website they’re linked to. Remember that you can always contact the organisation directly to verify that they have indeed sent you that specific communication. Even if none of your ‘suspicious flags’ are triggered — it might just be a great scam!

‘Over the phone’ Social Engineering

  • “If you don’t pay your tax bill on time, you will go to prison!”
  • “Hi, this is Kevin from your ISP — we’ve detected a problem with your internet connection. In order to maintain your service, I will need you to perform the following actions. Before I do so, I need to confirm your identity — what is your date of birth?”

If you’re ever in a situation where you doubt the validity of the caller:

  • Don’t authenticate yourself by providing any information to the random caller. It might be your bank calling, or it might not, even if it seems they have information about you.
  • Ask the caller for a reference number and tell them that you’ll call back at a more convenient time. Disregard any contact details they may offer (but write them down in case they need to be reported!).
  • Search for the contact details of the organisation, contact them through the officially published mediums, and quote the reference number you were given — this will show if the original call was genuine.

If the caller gets angry or threatening, hang up and block the number. No company that wants your ongoing support or business will treat you this way.

Seen a missed call from a number you don’t recognise? Google is your friend!

Educating yourself and your family members on the different types of cybercriminal activities is the best line of defence. Keep your eyes open for anything that looks suspicious — a healthy bit of scepticism never goes astray!


Maintaining your privacy online

Social media accounts

Here are some helpful ways to ensure your information is safe from prying eyes:

  • Check your privacy settings on every account you have on each social platform, and make sure your personal details (such as your birthday, hometown, email address, and phone number) are hidden from public view.
  • Set your wall posts to ‘Private’ to ensure they’re only being seen and shared with people you know and trust.
  • Be wary of ‘friend’ requests from strangers. If they’re not someone you know, or their account looks fake, delete the request and block/report the account.

Remember, the more personal information you share in a public domain, the greater the risk of identity theft. Consider the information that correlates across multiple websites too, e.g. personal details on Facebook, interests and check-ins on Instagram, employment and company details on LinkedIn — your name and/or contact details can link these accounts together:

An attacker may find your date of birth on Facebook, link to your Instagram account via your name/email and discover your address, then find your current employment, which can be cross-checked against the employment history published on LinkedIn. It is this type of information that may be used in a communication to create a façade of authenticity.

Online bank accounts and company databases

If there really is a need for you to update your details with a company, make sure you’re logging into their official website and not following a link from a suspicious email or text.

The stronger the password, the stronger the security!

  • Use a mixture of uppercase, lowercase, numbers and special characters (e.g. !#$%^&*_-) and ensure it’s at least 12 characters long.
  • Make sure the password is unique to you, and not based on something like your birthdate or a pet’s name.
  • Make sure you’ve used a different password for each service.
  • Install a password manager app from a reputable company to make using secure passwords easier. This is the key in modern life — passwords are hard to remember!
  • If available, turn on multi-factor authentication on any online account you have. Multi-factor secures your account with not only something you know (a password), but something you have (the ability to generate a unique token). It might be a little annoying, but the peace of mind is worth it.

Having said that, be cautious of using SMS or email as a second factor. Both are insecure protocols and can be forged or intercepted.

Viruses, malware and software bugs

  • Set your computer, mobile phone and/or tablet to regularly download and install any available program updates and patches to avoid bugs and security breaches.
  • Avoid ‘jailbreaking’ devices — even though it might allow you new freedom on your device, it does so by breaking the inherent security model of the device (making you more susceptible to compromise).
  • Run anti-malware software to ensure your device is as safe and secure as possible. While anti-malware packages may miss new types of malware, they protect you against a long string of commoditised malware that’s been around for a long time (and is still used).
  • Be careful when using Wi-Fi hotspots if you’re dealing with sensitive information, as the connection may not be secure. While the easiest choice is to simply not use open Wi-Fi hotspots, that might not always be practical. If you have absolutely no choice, set up a VPN and use that over the unsecured link.

If you’d like to learn more about protecting you and your family from identity theft, join our Privacy and Online Safety group on Facebook.
